I agree that SQL doesn't have much in the way of data sanitizing but Livecode does. I also agree that there must be a good reason why most of the world uses server side scripting, just trying to understand exactly what that is.
I've been under the impression that if I use the variableslist parameter available with the revDatabasexxx calls, I'm protected from SQL injection attacks. Even more so if I open the database connection using SSL. The proverbial lightbulb will start to come on if that impression is wrong!

On Thu, Aug 13, 2015 at 2:27 PM Richard Gaskin <ambassa...@fourthworld.com> wrote:

> Peter Haworth wrote:
> > It still seems to me that, once security matters are dealt with, the choice
> > of server side script versus direct connection is more a matter of
> > preferred application architecture more than anything else.
>
> Ah, but there's the rub, "once security matters are dealt with".
>
> Correct me if I'm wrong, but as a storage-specific language I don't
> believe SQL offers as much for sanitizing as PHP, Ruby, LiveCode, and
> other more general languages.
>
> I think there's a good reason most of the world protects their DBs from
> open exposure to the Internet via an intermediary scripting language,
> more than just for the convenience of making REST APIs.
>
> --
> Richard Gaskin
> Fourth World Systems
> Software Design and Development for the Desktop, Mobile, and the Web
> ____________________________________________________________________
> ambassa...@fourthworld.com http://www.FourthWorld.com
>
> _______________________________________________
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
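The mechanism the post is asking about (passing values through a variables list so the database binds them, rather than splicing them into the SQL text) is parameter binding. The following is an added example, not code from this thread or from the LiveCode revDatabase library; it uses Python's built-in sqlite3 module in place of revQueryDatabase's `:1`-style placeholders and variablesList, and the table, rows and lookup input are all constructed for the demonstration. It puts a string-concatenated query beside a bound-parameter query and runs the same textbook injection-shaped input through both, so the difference in behaviour can be checked directly: the bound version keeps the query structure fixed and treats the input purely as a value. Transport encryption such as SSL is a separate concern and does nothing to change either result.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory users table (example data, not from the thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    conn.commit()
    return conn


def lookup_concat(conn, name):
    """Vulnerable form: the query text is assembled from untrusted input.

    Anything in `name` becomes part of the SQL statement itself, so it can
    change what the statement means rather than just what it compares against.
    """
    sql = "SELECT email FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, name):
    """Safe form: the SQL text is fixed and the value travels separately.

    This is the same idea as LiveCode's variablesList with :1 placeholders:
    the database engine receives the statement and the value as two distinct
    things, so the value is only ever compared, never parsed as SQL.
    """
    sql = "SELECT email FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


# Constructed input shaped like the classic injection demonstration string.
# With concatenation it rewrites the WHERE clause; with binding it is just a
# (non-matching) name.
CONSTRUCTED_INPUT = "nobody' OR '1'='1"


def demo():
    """Run both lookups on the same input and return their results side by side."""
    conn = make_db()
    return {
        "concat": lookup_concat(conn, CONSTRUCTED_INPUT),
        "bound": lookup_bound(conn, CONSTRUCTED_INPUT),
    }


if __name__ == "__main__":
    results = demo()
    print("concatenated query returned:", results["concat"])  # every row leaks
    print("bound-parameter query returned:", results["bound"])  # nothing matches
```

Running it shows the concatenated query returning every email in the table, while the bound query returns no rows for the same input and still finds `alice` when given a real name. The defensive takeaway is the one the post is circling: injection protection comes from keeping values out of the statement text, which the variables-list style of call does, and that property holds whether the connection is encrypted or not.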